AS4mir/CVE-2021-45008

CVE-2021-45008

Privilege Escalation from user to admin

Affected product and version: Plesk Obsidian 18.0.37

Severity: Critical

Impact: Escalation of privileges from user to admin and access to critical information

Description: An insecure permissions vulnerability that allows an unprivileged user to gain admin rights.

Steps to reproduce:

  1. Log in with a user account that has a low-privilege role
  2. Capture the request with Burp
  3. Note that the Super admin flag parameter is false
  4. Forward the request to log in
  5. Now log out, enter the credentials to log in again, and capture the request
  6. Change the value of the Super admin flag parameter from false to true and forward the request
  7. More information, such as bank account and other info, is now visible
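
The flaw class behind the steps above, as an added example that is not part of the original repository and is not Plesk code: a login handler that copies a privilege flag from the request, beside one that reads it only from the server-side record and reports a mismatch. The field name `is_super_admin`, the account store and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

FLAG = "is_super_admin"  # hypothetical name for the page's "Super admin flag"


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed account store: the server-side source of truth for privileges.
USERS = {
    "lowuser": {"salt": b"s1", "hash": _hash("user-pass", b"s1"), FLAG: False},
    "root": {"salt": b"s2", "hash": _hash("root-pass", b"s2"), FLAG: True},
}


def _authenticate(form):
    """Return the stored account record if the credentials match, else None."""
    rec = USERS.get(form.get("username", ""))
    if rec is None:
        return None
    supplied = _hash(form.get("password", ""), rec["salt"])
    return rec if hmac.compare_digest(supplied, rec["hash"]) else None


def login_vulnerable(form):
    """Flawed pattern: the privilege level is copied from the request body."""
    if _authenticate(form) is None:
        return None
    return {"user": form["username"], FLAG: form.get(FLAG) == "true"}


def login_hardened(form):
    """Privilege comes only from the stored record; a mismatch is reported."""
    rec = _authenticate(form)
    if rec is None:
        return None
    claimed = form.get(FLAG)
    # A client-supplied value that disagrees with the stored record is worth an alert.
    tampered = claimed is not None and (claimed == "true") != rec[FLAG]
    return {"user": form["username"], FLAG: rec[FLAG], "tampered": tampered}
```

The `tampered` field gives the application a signal to log or alert on, while the session privilege itself never depends on request data.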
